Configure Networking
The basic networking -- IP name, address, and netmask -- should have
been set by EZsetup. If it wasn't,
or something broke, this will briefly show you what you need to
change. Then, other configuration parameters will be shown.
EZsetup should have changed...
/etc/sys_id: hostname
EZsetup should have set /etc/sys_id to be the
Internet name of the machine; I prefer Fully Qualified Domain Names
like wirehead.hq.nasa.gov to simple hostnames like
wirehead; I've found some software that doesn't work without
it.
/etc/hosts: IP address
This hostname should be mapped to the system's IP address in
/etc/hosts with a line like
131.182.121.88 wirehead.hq.nasa.gov wirehead
I like the FQDN first, as this is supposed to be the official name of
the host.
netmask should have been set, but...
EZsetup is supposed to set the netmask, but I find it doesn't
do this reliably. Perhaps this is because we do not use the
default. We'll cover that next anyway to be sure.
Final network configuration
Once the IP address and name are assigned, the netmask, default route,
and resolver information can be specified. This should put your
machine on the net so you can reach other hosts, perhaps to download
security-related software like tcp_wrappers.
Netmask and broadcast addresses
The netmask specifies how many bits of the IP address should be
considered the network part, and how many the host. The broadcast
address is related to this and specifies which bits indicate an address
used for broadcasting information to all hosts on the given network.
The IP range at NASA/HQ is a Class B address, 131.182.0.0, and the
SGI properly defaults to the Class B netmask (255.255.0.0) and
broadcast address (131.182.255.255). But since HQ uses Class C
subnetting, this needs to be overridden in the
/etc/config/ifconfig-1.options file as:
netmask 255.255.255.0 broadcast 131.182.121.255
This indicates that the first three bytes of an IP address are treated
as the network number and the last specifies the host. Broadcasts are
sent to all hosts on our (subnetted) network.
Before doing this, we experienced time-outs, net-lossage, etc.,
especially from NFS. We also could not get NIS clients to bind to
their NIS master -- apparently, the broadcast failed to attract the
attention of the server.
Default route
Specify your router in /etc/gateways as appropriate to your
environment; for example, we use:
net 0.0.0.0 gateway 131.182.121.1 metric 1 passive
This says to set the default route to the specified gateway, that
the router is 1 hop away, and that it is passive (doesn't advertise its
presence?).
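The netmask, broadcast address and default gateway described above have to agree with each other; a classful broadcast left in place on a subnetted network is the mismatch behind the NIS binding failures mentioned earlier. The sh script below is an added example, not part of the original page: the function names are made up here and the sample addresses are the page's own. It derives the broadcast address from the host IP and netmask and checks that the gateway is on the host's subnet.

```sh
#!/bin/sh
# Added example: consistency check for ifconfig-1.options and /etc/gateways values.

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# broadcast_for IP NETMASK: keep the network bits, set every host bit to 1.
broadcast_for() {
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    int2ip $(( ($ip & $mask) | (~$mask & 4294967295) ))
}

# same_subnet IP1 IP2 NETMASK: succeeds when both addresses share a network number.
same_subnet() {
    a=$(ip2int "$1"); b=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( $a & $m )) -eq $(( $b & $m )) ]
}

# check_options HOST_IP "netmask M broadcast B" GATEWAY_IP
check_options() {
    host=$1; gw=$3
    set -- $2    # split the options line into words
    [ "$1" = netmask ] && [ "$3" = broadcast ] || { echo "unparsed options line"; return 2; }
    want=$(broadcast_for "$host" "$2")
    if [ "$4" != "$want" ]; then
        echo "broadcast $4 does not match netmask $2 (expected $want)"; return 1
    fi
    if ! same_subnet "$host" "$gw" "$2"; then
        echo "gateway $gw is not on the host's subnet"; return 1
    fi
    echo "ok: broadcast $want, gateway $gw is on the local subnet"
}

# The page's subnetted values, then the Class B broadcast left in place by mistake.
check_options 131.182.121.88 "netmask 255.255.255.0 broadcast 131.182.121.255" 131.182.121.1
check_options 131.182.121.88 "netmask 255.255.255.0 broadcast 131.182.255.255" 131.182.121.1 || true
```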
Resolver
Edit /etc/resolv.conf to specify your Internet domain name,
nameservers, and the sequence to use for hostname resolution. I don't
like NIS, but I like to be able to access machines in my
/etc/hosts file if I'm trying to outsmart BIND. So my
/etc/resolv.conf file looks like:
hostresorder bind local
domain hq.nasa.gov
nameserver 131.182.1.28
nameserver 131.182.230.28
nameserver 128.102.16.2
Caution!
Don't use these numbers unless they're right for you -- unlikely. Use numbers appropriate for your site and subnet.
Now Close Some Network Security Holes
[more later...??]
Chris Shenton